Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls. The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek.
Palo Alto Networks is working on patches for a critical PAN-OS zero-day that has been exploited to hack some of the company’s firewall models.
Tracked as CVE-2026-0300, the vulnerability has been described as a buffer overflow affecting the User-ID Authentication Portal (Captive Portal) service of PAN-OS software.
The zero-day affects PA and VM series firewalls, allowing an unauthenticated attacker to execute malicious code with root privileges via specially crafted packets.
Source: https://www.securityweek.com/palo-alto-networks-to-patch-zero-day-exploited-to-hack-firewalls/
Related breach coverage
- Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking2026-05-07
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.
- Cybersecurity M&A Roundup: 33 Deals Announced in April 20262026-05-04
Significant cybersecurity M&A deals announced by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket. The post Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 appeared first on SecurityWeek.
- Palo Alto warns of critical software bug used in firewall attacks2026-05-06
A patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.
- Critical Remote Code Execution Vulnerability Patched in Android2026-05-05
CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.